diff options
author | Kali Kaneko <kali@leap.se> | 2017-07-18 11:54:29 -0400 |
---|---|---|
committer | Kali Kaneko <kali@leap.se> | 2017-07-18 11:54:29 -0400 |
commit | 4fd64892c777a30816c24bf2926ba210b442c86b (patch) | |
tree | 15b4341117556411950063caeb1a9765825287b6 | |
parent | d448fbe951c823d2a79aee6292bb942afa2ee6dc (diff) |
[pkg] cover corner case with scrypt path
there is a combination that was failing, with a recent-enough version of
cryptography coming from jessie-backports (>1.0), but still being linked
to openssl 1.0 which does not have a usable scrypt backend.
with this commit we fallback on doing scrypt using python's scrypt
package.
-rw-r--r-- | src/leap/soledad/client/_scrypt.py | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/src/leap/soledad/client/_scrypt.py b/src/leap/soledad/client/_scrypt.py index 03dcab40..674fabd7 100644 --- a/src/leap/soledad/client/_scrypt.py +++ b/src/leap/soledad/client/_scrypt.py @@ -18,18 +18,26 @@ try: from cryptography.hazmat.backends.interfaces import ScryptBackend from cryptography.hazmat.backends import default_backend + from cryptography.exceptions import UnsupportedAlgorithm backend = default_backend() OPENSSL_HAS_SCRYPT = isinstance(backend, ScryptBackend) except ImportError: OPENSSL_HAS_SCRYPT = False +def _fallback_hash(secret, salt, buflen=32): + import scrypt + return scrypt.hash(secret, salt, buflen=buflen) + if OPENSSL_HAS_SCRYPT: from cryptography.hazmat.primitives.kdf.scrypt import Scrypt def hash(secret, salt, buflen=32): - return Scrypt(salt, buflen, 16384, 8, 1, backend).derive(secret) -else: - import scrypt + try: + _hash = Scrypt( + salt, buflen, 16384, 8, 1, backend).derive(secret) + except UnsupportedAlgorithm: + _hash = _fallback_hash(secret, salt, buflen) + return _hash - def hash(secret, salt, buflen=32): - return scrypt.hash(secret, salt, buflen=buflen) +else: + hash = _fallback_hash |